Audit shows IRS failed to adequately identify security weaknesses

By
Follow google news

The U.S. Internal Revenue Service used a flawed and ineffective process for monitoring system security weaknesses, according to a report recently released by the Treasury Inspector General for Tax Administration.

The IRS failed to accurately and completely describe security weaknesses, understated the number of weaknesses, and overstated progress in addressing the weaknesses, the report said.


Specifically, the agency prepared nearly identical reports for each system, noting only broad control topics rather than specific problems.

Also, the IRS assumed that if a system was certified and accredited, then nearly all of its weaknesses had been addressed. "This assumption is not valid since certified and accredited systems can still have security weaknesses," the IG wrote.

As a result of the flawed process, the information given to the Office of Management and Budget and the Inspector General has been "inaccurate and misleading," according to the audit.

IRS management agreed with the audit's findings and has established a working group to develop an approach for managing the process.

www.treas.gov/tigta

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
auditfailedidentifyirssecurityshowstoweaknesses

Sponsored Whitepapers

Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

Events

Most Read Articles

Service NSW launches Digital ID pilot

Service NSW launches Digital ID pilot
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Windows Secure Boot certificates expire in June, Microsoft warns

Windows Secure Boot certificates expire in June, Microsoft warns
Under malware threat, runaway AI agent project OpenClaw turns to Google's VirusTotal

Under malware threat, runaway AI agent project OpenClaw turns to Google's VirusTotal
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?